CSRF in Technologicx Add_custom_css_and_js
CVE-2024-3903
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.002 (11.5th percentile)
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Affected products
- Technologicx Add_custom_css_and_js
- Unknown Add Custom Css And Js — versions 0
Weakness classification (CWE)
References
- contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2024-3903?
- CVE-2024-3903 is a high-severity vulnerability in Technologicx Add_custom_css_and_js, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.1/10. Published 2024-05-14.
- How severe is CVE-2024-3903?
- High severity. CVSS v3 base score is 7.1 out of 10.